The insurance industry has been talking about technological evolution for a long time. From the rise of insurtechs to implementing tools like client portals and e-signature, the need for digital transformation has been top-of-mind for all insurance professionals. But in 2018, the barriers have been removed, and this talk will finally evolve into significant action. The combination of competitive conditions, availability of cost-effective technology and numbers of independent agents striving for growth and better service creates the perfect storm to drive agent digital transformation. While embracing digital is integral to competing in the market, consumers still heavily rely on the human, one-on-one service that only agents are able to provide. Great customer service is foundational for all agents. Providing the ideal mix of technology solutions and personal interaction should be at the center of an agency’s planning process as it prepares to meet customer demands and increase growth and retention. See also: Insurtechs: 10 Super Agents, Power Brokers   As the year comes to a close, we analyzed current trends and patterns in the insurance industry and developed five predictions for independent agents in 2018: 1. All about the infrastructure: Insureds expect on-demand service. They want their agencies to be always-on and to be able to conduct insurance business whenever and wherever they like. Agencies need systems and processes that can efficiently handle their workload. They have to have strong and flexible digital infrastructure to grow and expand. This includes interactive websites with online chat and quoting capabilities, client portals and mobile apps, next-generation agency management systems and integrated call centers for 24/7 service. In the new year, agents will be evaluating their infrastructures and expanding capabilities and services for clients. 2. Move from closed loop to open access: Agents operate in many environments. They regularly visit multiple carrier websites, manage their workload in their agency management system and pursue prospects who are gathered in their customer relationship management system. Most of these applications are closed, meaning that information put into one system won’t automatically populate into another system. This forces agents to spend time on manual workarounds and double data entry. Agents will seek to partner with companies and implement tools that can bridge the gap between various systems and choose applications that are built on open structures, meaning they “talk” to one another. 3. Pursuit of the paperless agency: E-signature is nothing new, it has been around the industry for 20 years. However, many agents still don’t use it. But in 2018, a large number of agencies will take the plunge and finally implement e-signature and other e-document tools. With a desire to not only be more efficient but also to improve the sustainability of their operation, more agencies will shift to an all-digital mentality when it comes to sending, receiving and signing documents. But this can’t be done in a vacuum. Agencies will also collaborate with carriers and be informed by regulators to help make the shift to all-digital documentation. 4. Synergistic partnerships increasing access to sales analytics: The carrier/agent partnership is about to go beyond a provider/seller framework. Agents and carriers both have access to unique information that, when shared, can help both organizations grow. Agents gather sales data such as target market behaviors, web preferences and specific product interest that can help carriers improve sales and marketing efforts. Meanwhile, carriers have the technological infrastructure and expertise enabling them to provide education, training and best-practice programs that can help agencies improve their digital capabilities. These two entities will develop stronger partnerships that will enable both of them to improve sales. 5. Agents embrace artificial intelligence (AI): For agents who are still trying to find ways to implement interactive websites, e-signature, or client portals, technologies such as machine learning, robotics and artificial intelligence seem way outside of their current capabilities. But these tools are beginning to become more commonplace, and agents will appreciate their ease and benefits and might even realize they have already been using some sort of AI. From automatic fill on certain forms to using machine learning to move key prospects to the top of the workflow to installing chatbots on websites that can resolve claims and answer clients’ simple questions, agencies will convert from trepidation to the implementation of AI that will drive key processes. See also: Chatbots and Agents: The Dynamic Duo   2018 will be a transformative year for independent agents with many taking significant steps toward digital adoption. But even as agents embrace technology they cannot forget the human element. As more agents adopt these digital solutions, they will have to find the balance between technological evolution and one-on-one personal customer service.

The Internal Revenue Service is acting to help individuals who are eligible for Patient Protection and Affordable Care Act (Obamacare) health subsidies and who live in regions where exchange insurers do not offer bronze (lowest-cost) coverage, even as it moves ahead to nail employers failing to comply with Obamacare's employer shared responsibility rules (commonly referred to as the "employer mandate"). IRS New Individual Obamacare Relief Notice 2017-74  will provide that individuals who are not eligible for coverage under an eligible employer-sponsored plan and who lack access to affordable coverage should not be denied the use of the affordability exemption under § 5000A(e)(1) of the code and § 1.5000A-3(e) of the regulations merely because they reside in an area served by a marketplace that does not offer a bronze-level plan. Consequently, for purposes of the affordability exemption under § 5000A(e)(1) and § 1.5000A-3(e), if an individual resides in a rating area served by a marketplace that does not offer a bronze plan, the individual generally should use the lowest-cost metal-level plan available in the marketplace serving the rating area in which the individual resides. Notice 2017-74 will be in IRB 2017-51, dated Dec. 18, 2017. See also: Optimizing Financing in Healthcare   Employers Still Face Obamacare Penalties While the IRS has issued limited relief for individuals from the ACA's individual mandate penalties, so far it has remained steadfast in its refusal to grant employers corresponding relief from the ACA employer-shared responsibility penalties or other ACA penalties. Instead, IRS officials continue to make clear that the IRS intends to enforce the ACA employer-shared responsibility rules against employers with 50 or more full-time employees (including full-time equivalent employees). Under the Obamacare employer mandate rules, covered employers face significant federal tax penalties for (1) failing to offer minimal essential coverage to substantially all full-time employees and their dependents (the “A Penalty”), or (2) offering coverage that is either “unaffordable” or does not provide “minimum value” (the “B Penalty”) if a full-time employee enrolls in the health insurance marketplace and receives a premium tax credit. While many employers assumed President Trump's Jan. 20, 2017, executive order "Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal" would insulate them against enforcement of the employer mandate and other Obamacare penalties, the IRS doesn't see the executive order as barring its enforcement of Obamacare against sponsoring employers or their group health plans. In an April 14, 2017, IRS Chief Counsel letter, for instance, the IRS announced it does not interpret its discretionary authority under Obamacare to allow waiver of the employer mandate tax imposed under Internal Revenue Code Section 4980H against covered employers that fail to provide the affordable minimum essential coverage required by the employer mandate. In keeping with this interpretation, the IRS has announced that it will begin enforcement of the employer mandate tax liability for plan years after 2015 against covered employers that failed to meet the employer mandate. Of course, the employer mandate is not the only Obamacare provision that employers and their health plans need to worry about. In addition to the employer mandate, Obamacare imposed a host of patient protection and other federal mandates upon employer-sponsored plans, most of which apply to plans covering two or more employees. In addition to any benefit and other administrative penalties that otherwise arise under the Employee Retirement Income Security Act or the Social Security Act for violating these mandates, employers sponsoring plans that violate any of 40 listed mandates imposed by Obamacare or certain other federal laws also become liable under Internal Revenue Code Section 6039D to self-identify, self-assess, report on Form 8928 and pay an excise tax equal to $100 per person per uncorrected violation. The IRS, Department Of Labor and Department Of Health and Human Services have taken the position that the Jan. 20 executive order also does not bar enforcement of those Obamacare penalties. Accordingly, employers and their group health plans continue to face potentially substantial liability if their group health plan does not comply with Obamacare. See also: U.S. Healthcare: No Simple Insurtech Fix   In the face of these exposures, employers and their group health plan should carefully review their plans and their administration for compliance before the end of the plan year so as to be able to take appropriate and timely corrective action before penalties attach and while stop loss or other insurance is available to help mitigate the cost of these corrections. Employers preparing for health plan renewals also should review their group contracts and conduct due diligence to verify their group health plans terms and operations meet the mandates as they initiate new plan years. Employers also generally will want to review their compliance and take action to address any deficiencies against any vendors or advisers who may have culpability in the defective health plan design or administration. Prompt action against vendors who may be culpable for the design or administration defects is necessary to preserve potential claims for deceptive trade practices or other causes of action that an employer might have under state contract, tort or other law. Employers and health plan fiduciaries should consider engaging experienced legal counsel to conduct this review on behalf of the employer or other plan sponsor within the scope of attorney-client privilege so as to assess and address these potential risks on a timely basis.

The annual EY Insurance Executive Forum in New York City last week crystallized some thoughts about the complexity of the innovation journey that insurance and risk management professionals face. So, as we head into the holiday season, while kidding ourselves about watching our eating, here is some calorie-free food for thought:

I often say that I've been watching the same movie on digital transformation for more than three decades, since I started covering IBM for the Wall Street Journal in 1986 and saw it implode, followed by disruption to the whole computer industry, followed by Internet-driven upheaval for retail, journalism, music, you-name-it. But I now think that the path for insurance and risk management will be more complicated and not just because of the complex regulatory environment. One would be remiss to overlook a fundamental reality: The convergence of technological capabilities, business acumen, and risk management resulting in the reinvention of an industry has become highly refined and remarkably well capitalized.

There are really four plot lines happening simultaneously within insurance and risk management.

First, as usually happens, every part of the value chain is being reexamined. Distribution has been a particular focus for innovators, but underwriting, claims, operations and everything else are also up for grabs. Given that nearly 40 cents of every premium dollar go to expenses, including loss adjustment expenses, there is an awful lot of room for innovation at a time when every industry faces extreme pressure for efficiency. But one person's efficiency is another person's revenue, so the push is never easy. Based on innovators tracked via the Innovators Edge platform, nearly 2,000 firms spanning 178 countries are "insurtechs" focused on transforming some aspect of insurance.

Second, the core of the product itself is changing, even more than typically happens when, say, music goes digital or when something like car rides or hotel rooms become based on sharing, coordinated through a digital overlay from an Uber or Airbnb. Increasingly, innovators are finding new ways to manage risk and prevent losses, rather than just compensating for losses after they've occurred. New business models have only peeked their heads out thus far, but some are surely coming and will drive great change while creating great angst. The number of early stage technology firms that focus on areas we refer to as reinventing the actual risks managed by insurers—areas such as artificial intelligence, genomics, robotics and more—tops 68,000 worldwide, per Innovator's Edge.

Third, the nature of work is changing. This is happening in every industry as robotic process automation (RPA) takes over routine tasks. For insurers, the complication is that the change is happening at the same time that they're wrestling with the sorts of fundamental issues that other industries have been adjusting to for 15 or 20 years now. In many ways, automation should be welcome in insurance both because it cuts expenses and because it could reduce the pain that is surely coming as so many in insurance professionals reach retirement age. But the change will require adjustment and create uncertainty.

Fourth, customer expectations are being reset in ways that are shocking insurers. They are finding themselves forced to conform to the sort of expectations that Apple's "there's an app for that" and Amazon's one-click have created in consumers. Again, every industry has had to confront these new expectations from customers who just "aren't going to take it" any more, but the change is happening unusually quickly in insurance, which intuitively makes sense given the sheer volume of customer experiences being reinvented every day. Having groceries and recipes delivered weekly was unknown globally 24 months ago and now boasts a market cap exceeding $2B. The industry pretty much remained in a cocoon until a couple of years ago but now must snap into line, not with the fledgling Amazon of 20 years ago, but with the overpowering Amazon of today. When customers begin asking Alexa for a quote on their car insurance, the train will have long since left the station on a stellar experience coming from within the industry.

Personal computer pioneer Alan Kay says that "everybody likes change – except for the change part." And change in insurance looks like it will follow an unusually convoluted series of plot lines. That said, the entire EY team is to be applauded for creating an EY Insurance Executive Forum experience that was rich with lessons learned and powerful advice.

As a supporting partner on the 2017 event, here are our top 6 important things we choose to highlight from this year's conference: 

1. C-Suite insurance leadership need not worry about having the in-house talent to succeed executing a systematic approach to innovation. If sleep is to be lost over innovation and talent, then let the discomfort come with the issue of retaining that talent while the company contemplates a systematic approach to innovation. A strategy to identify and hire the talent that doesn't fit historic cultural norms is another priority requiring attention. This message came through loud and clear in remarks from Eric Steigerwalt of Brighthouse Financial, Andrew Robinson of Oak HC/FT, Donna Peeples of Pypestream and Progressive Insurance CEO Tricia Griffith.
2. A cornerstone of success for world class innovation-based growth strategies is having a C-suite who command truth, unfiltered honesty and constructive conflict. No better examples can be cited than the rapid fire, at times thundering, fact based presentation from ACORD's Bill Pieroni, the candid and humorous words of Wisconsin Commissioner Ted Nickel, and the quietly direct advice from Piyush Singh, founder of Terrene Labs.
3. The common thread that connected every speaker thriving amidst what many see as chaotic noise is the leveraging of constraints to drive innovation. The laser-like focus on a well-defined customer segment, a problem for that segment (also known as the Job To Be Done) and a well-developed solution yields growth. This convergence was embodied in the comments of Andrew Beal and Mike Consedine of the NAIC, Marcus Cooper of Zurich North America, and Gina Papush of QBE.
4. The core mission of insurance is to enable economies. Such is the role that insurers have played through history, from opening Europe to the shipping trade with the Far East, to the launch of a new nation in the 1750s, to transforming mobility in the 1920s. The opportunities to harvest exponential growth by enabling this innovation economy bring the equally compelling opportunity to literally make the world a better place. Lyft's Kate Sampson captivated the participants with her description of the culture of innovation at Lyft and the future of mobility. ITL's Chief Innovation Officer Guy Fraker shared this message with explicit optimism, as did EY's Global Insurance Lead, David Hollander, and Philip Edmundson of Corvus Insurance.
5. Innovation requires sponsorship of the CEO. However, what is often missed is the stark reality that consistent success of innovation lives and dies in the middle of established cultures. The conference offered more than a few speakers reinforcing this message including Barbara Turner of Ohio National, Terrance Williams of Nationwide and Charlie Mihaliak of EY. This notion of how best to harness and foster cultural diversity as part of an organization's strategy to grow through innovation, is a theme we at ITL believe is critically important.
6. Success in achieving growth by executing an innovation system is unique in the insurance industry. That said, best practices and valuable lessons learned can come from anywhere, which was echoed by innovation leaders Scott Sanchez of Nationwide and Dan Reed of American Family. Important, too, were the comments and experiences of industry innovator Barbara Humpton of Siemens, providing an outside-the-industry look at how organizations like Siemens approach and foster innovation.

We would love to hear any reactions/additions/corrections on the above. 

Cheers,

Paul Carroll and The ITL team

The dam has likely broken on sexual harassment claims. While the allegations currently focus on celebrities, politicians and other public figures, we can expect it to broaden to encompass virtually anyone in an organization. Victims now have a plethora of ways to address wrongdoings: social media with the #MeToo hashtag, traditional media and, of course, the legal system. The risks to organizations are reputation, loss of focus and reduced productivity levels in the face of the negative publicity, legal costs, and legal awards or settlements. The current climate may very well have set the stage for some very large jury awards as juries decide to punish those who they feel failed to take the steps that should have been taken. Make sure your company and clients don’t fall into this category. If your clients or company have not already implemented solid risk management practices in the employment practices arena, do so immediately! Make certain you have strong anti-harassment policies in place that are fully supported from the top down through the organization, train everyone in the company on the dos and don’ts of all forms of harassment, establish a clear line of communication for employees to report harassment and make certain that all complaints are promptly and competently investigated. Lastly, if you haven’t historically purchased employment practices liability insurance, revisit that decision, as well. What do you think? Will the current deluge of harassment claims become a flood? Has corporate America done what it should to mitigate and manage the risks? Are companies large and small buying adequate insurance to fund the claims they cannot avoid? Share your insights and recommendations with other readers in the IRMI Group on LinkedIn. You can find more at IRMI.com.

In my last three blogs, we discussed what it means to be a digital insurer and how digital preparedness looks much like a fusion reactor — accomplishing something we called Digital Fusion. For a recap, you can begin with the blogs here. In the November 2017 issue of Canadian Underwriter, I also discussed why Digital Fusion is necessary and what it takes to become a digital insurer. We gave some specifics regarding how digital preparedness meets insurer needs throughout the insurance process. Today, we’ll look at how insurers will benefit from Digital Fusion, but we will home in on growth as a primary benefit — because digital strategies should never lose sight of their focus on growth. Digital Fusion enables growth. Platform Shifts at the Core of Digital Growth (Systems) No matter what lines of business an insurance company sells, it is going to want to accept new technologies and data sources into its unique ecosystems. Legacy core systems currently stand in the way. These systems have proven their capability to run traditional business models (Insurance 1.0), and they are mission-critical transactional systems that ensure continuing operations and compliance. However, over time, these systems have generally been cobbled together through expensive, high-level and limited integration points. These ecosystem solutions are often originated at different enterprises with different architecture, technology and even data models. Out of necessity, they were “integrated” for positioning as attachments to the primary core system. This may have sufficed to address short-term needs, but the approach falls short in providing differentiated customer experience and deep engagement because the solution will simply be the façade painted over the top of the insurer’s transactional systems. See also: How Sharing Economy Can Fuel Growth   Rather than a retrofit architecture, the next generation of core is a complete architecture redesign that fuses common capabilities across transaction processing, insights and engagement needs with a strong “find and bind” integration architecture to tap into an ecosystem of innovative data and solutions. It is open to non-native components, supports rapid change to adapt to shifting industry needs and allows for continuous innovation. It can generate analytics and calibrate the customer-centric solution without losing speed or increasing total cost of ownership. That positions the insurer for market adaptability, innovation and, most importantly, continued growth. Speed-to-Market Growth — Evidence for Agile Digital Connectedness (Innovations) Part of the fascination of Digital Fusion is an acknowledgment that the sky is the limit and that digital thinking will provide growth through speed. Let’s look at an example from auto insurance. Vehicles are able to tell us more and more every day. We started with telematics being able to communicate miles driven. Then we added capabilities such as speed, acceleration and braking habits. Carried to the limit, however, automobiles are mobile data nets. They can know where traffic is, where most accidents occur, how closely cars are following each other and even the temperature outside, including if ice is building on the roadways. Most have sensors that know when impact has happened. Consider all of the data that can be fused into these products and their analysis to provide real-time value as well as operational value. The P&C insurer that can apply all forms of digital content (social media usage, localization, IoT, mobile usage while driving) and also have access to relevant transportation data will be far more liable to be able to price competitively. Add another layer: digital feedback. How can the insurer rewrite daily driving scenarios with simple communications back to the insured to reduce risk or to provide value-added services? Insurers in all lines of business will be dramatically improving their use of real-time feedback in the coming years. But that capability is only the tip of the product iceberg. What if the insurer could take that information and roll it into a new usage-based product in a matter of months across all geographies because it is employing a cloud “find and bind” architecture, allowing it to freely use innovations without massive integration work? That is the promise of Digital Fusion. Traditional platforms can’t keep up with innovation growth. "Find and bind" architectures facilitate growth through innovations. This isn’t just a vision of the future. Majesco is currently working with companies that have already implemented frameworks where it is taking “months not years” from product idea to market launch. To view some of those examples, consult the recent Majesco white paper on cloud business platforms. Big Growth in Smaller Packages (Products and Experiences) Digital insurance 2.0 represents a new age of insurance that requires a new way of understanding how digital platforms will affect insurance growth — that much growth will come through segmentation. What does this look like?

• Higher volumes of lower transaction values.
• Personalized service down to the individual level, even if the insurance is sold to groups.
• Micro-duration insurance priced and sold “on demand.”
• Insurance that is so personalized in use that it must use AI to consolidate data, analytics, pricing and underwriting.
• Low-touch operations with a high-touch feel using cognitive communications.
• Much of this is accomplished with a micro-services approach, instead of a core system administration approach.

Digital Fusion will provide insurers with multi-channel engagement, using journey maps, highly specialized apps and content to face customers with personalized experiences. But then it will go one step further, into usage analysis, so that insurers will be able to use data to measure and tweak processes. Engagement + Insights = Growth (Relationships) Digital apps are known as systems of engagement. Analytics apps are known as systems of insight. In a digital insurance platform, apps do not operate within silos. They are exposed to each other so they can provide power through Digital Fusion. The power that comes through app fusion is specifically related to innovation and growth because it represents cyclical improvement. Insights will fuel new methods and measures of engagement. Enhancements to engagement will create deeper knowledge and expanded growth. This is important because most insureds (individuals and businesses) want to be known. They trust an organization that they feel understands their needs and engages them. This makes Digital Fusion not only a platform for growth, but a platform for relationship-building. Great relationships will fuel healthy growth and high retention. See also: Core Systems and Insurtech (Part 3)   In Summary Now, when someone asks why the organization should be considering digital transformations, you can say, “growth,” and share this four-point primer on how digital enhancements are going to yield growth. To recap, digital insurance platforms provide:

• Digitally capable systems, without the distractions of infrastructure and operations
• The ability to plug in innovations
• A framework for creating a broader range of products with improved user experiences
• A steady stream of valuable insights that will perpetually provide relationship-building ideas for engagement.

Plus,

• More profit with a better process
• Lower risk at lower cost while building a future-ready insurance operation

At Majesco, we are reimagining and providing the next generation of digital insurance platforms to insurers within all lines of business. To dig deeper into digital platform transformation, be sure to read Majesco’s thought-leadership paper, Cloud Business Platform: The Path to Digital Insurance 2.0. This article was written by Manish Shah.

Approximately a year after the zombie malware Marai took some major websites off-line for much a day, cybersecurity researchers recently identified a potentially more potent threat called Reaper. Experts warn that Reaper has the capability to take down the entire internet. Marai Zombie Malware In late 2016, an online infrastructure firm called Dyn was the victim of a massive distributed denial of service (DDoS) attack attributed to Marai, an IoT attack malware. The DDoS attacker deliberately overloads a target server with an abnormal amount of traffic, using an army of infected computers, known as a “botnets,” to carry out the information requests. This often results in a crashed server, knocking the target website offline, effectively disrupting normal business. As more and more common household devices become connected to the internet, attackers are able to leverage an ever-growing army of devices to carry out these attacks. Marai weaponized IoT devices, such as digital video recorders (DVRs), wireless routers and CCTV cameras, by exploiting factory-default or hard-coded usernames and passwords. A number of Dyn’s high-profile clients, including Twitter, Amazon and Netflix, were taken offline. The Grim News About Reaper CheckPoint, an Israeli cybersecurity firm, has said that the Reaper IoT malware is “forming to create a cyber-storm that could take down the internet.” Reaper is exponentially more dangerous than Marai because it exploits at least nine security vulnerabilities across a wider range of devices. Those vulnerabilities are identified on the CheckPoint website. CheckPoint warned that Reaper is expanding “at a far greater pace and with more potential damage than the Marai botnet of 2016,” and it estimated that more than a million organizations worldwide already have been affected. Noted cyber security reporter Brian Krebs further noted: “It’s a safe bet that whoever is responsible for building this new Reaper IoT botnet will have more than enough firepower capable of executing Dyn-like attacks at internet pressure points. Attacks like these can cause widespread internet disruption because they target virtual gateways where third-party infrastructure providers communicate with hordes of customer Web sites, which in turn feed the online habits of countless internet users.” See also: How to Keep Malware in Check   Cost of a DDoS Attack For many victims of a DDoS attack, lost internet traffic can equate to staggering costs and lost revenue. According to a survey Dyn sponsored and published in August 2016, the majority of companies surveyed calculate that an internet outage costs them a minimum of $1,000 per minute. Protective Measures Today’s connected enterprises definitely should fear the Reaper (apologies to 1970s rock band Blue Oyster Cult). But there are a number of steps companies can take to mitigate the risk of being taken offline by Reaper or other IoT attack malware. And because 100% prevention against the risk is impossible, companies also should consider transferring the residual risk through insurance. Avoid or Mitigate the Impact of a DDoS Attack There are several strategies an organization can deploy to prevent a DDoS attack or at least mitigate the effects of one, including:

• Set traffic thresholds: Companies can track how many users typically visit their website on any given day, hour and minute. Volume can change based on a number of factors. By having this historical knowledge, thresholds can be installed and real-time alerts can be generated to advise of abnormal traffic.
• Blacklist and whitelist: Control who can and cannot access your network with whitelists and blacklists for specific IP addresses. However, be mindful that certain IP addresses may generate false positives and be blacklisted when they are in fact legitimate traffic. By temporarily blocking traffic, a business can see how it responds. Legitimate users usually try again after a few minutes. Illegitimate traffic tends to switch IP addresses. A good resource to help begin the process of whitelisting and blacklisting can be found on the DNS whitelist. Here you will find IP addresses, domain names and e-mail contact addresses. Each IP address is given a trustworthiness level score.
• Reroute traffic with additional servers. By having additional servers on standby to handle an abnormal increase in traffic, a business can improve the odds against one server being overwhelmed. While this is likely the most cost-effective method, it is difficult to tell how many might be needed because the size of the attack can vary.
• Consider using content-delivery networks (CDN). This method involves using external resources to identify illegitimate traffic and diverting it to a cloud-based infrastructure.
• There may be contractual obligations that are affected during and after a DDoS attack. As such it is important to review contractual liability implications with customers and business partners. Review contracts with an eye toward the following: Revise unfavorable service-guarantee language due to downtime resulting from a DDoS attack. Allocate liability for potential outages as appropriate. Clauses that require security-incident notification under contract may be detrimental, especially when not required by law. Be sure your attorney reviews language related to this specific issue.
• Terminate traffic as soon as a DDoS attack starts. Terminate unwanted connections or processes on servers and routers and tune their TCP/IP settings. If the bottleneck is a particular feature of an application, temporarily disable that feature.
• Analyze traffic and adjust defenses. If possible, use a network-analyzer tool to review the traffic. Create a network-intrusion-detection system signature to differentiate between benign and malicious traffic. If adjusting defenses, make one change at a time, so you know the cause of the changes you may observe. Configure egress filters to block the traffic your systems may send in response to DDoS traffic, to avoid adding unnecessary packets to the network.
• Notify and activate your incident-response team, if one is already in place. Contact the company’s executive and legal teams. Upon their direction, consider involving law enforcement and collaborate with your business-continuity/disaster-recovery team.
• Create a communication plan. A company can easily become overwhelmed with inquiries from customers, business partners and media during a DDoS attack. Create a status page with a statement explaining the circumstances of the event. In addition, a template letter can be created to automatically respond to customers that contact a business for information.
• During a DDoS attack, immediate efforts should be made to document facts in an incident report. It should be used to document what happened, why it happened, decisions made and how the organization will prevent future attacks. Review and document the load and logs of servers, routers, firewalls, applications and other affected infrastructure. The incident report may be read by a wide audience, and it is therefore important that it’s written in a language that is not overly technical.

Insurance Issues For companies that are either the direct target of a DDoS attack or that are indirectly affected by an attack on a third party, significant business interruption costs, including lost income and other expenses, can be incurred. Consequently, affected companies should scrutinize their insurance policies to determine if they have coverage under either scenario. Because there is no standard cyber insurance policy form, it is important for the insured to review its specific policy form and determine whether it provides coverage for a DDoS attack. Here are some issues to consider in that regard:

• DDoS Provisions.
  • Is there an exclusion for DDoS attacks;
  • Is coverage limited to attacks targeted at the insured’s network;
  • Is there broader coverage for an attack that indirectly affects the insured;
  • Does the definition of “security event,” “security failure” or any relevant similar term include or exclude a DDoS attack?
• Business Interruption Coverage.
  • Is coverage triggered only following a direct attack on the insured company;
  • Is contingent business interruption coverage available;
  • How long is the business interruption waiting period;
  • Is coverage triggered only by a complete business interruption or also by a degradation in business operations caused by the DDoS attack;
  • Is there coverage for professionals, including accountants retained by the policyholder, required to calculate and submit the claim?

Insureds are urged to consult with experienced insurance brokers and advisers to ensure that they obtain appropriate coverage for losses resulting from a DDoS attack. Cyber insurers often are open to negotiation of their policy forms, so insureds are encouraged to work with their insurance professionals to optimize coverage. See also: How to Immunize Against Cyber Attacks   Further, business interruption insurance may not be made available for every company. Companies can make themselves a better candidate for coverage by implementing a strong disaster recovery/business continuity plan.

Drones are becoming widely used in a variety of industries, including insurance. As mentioned last week, millions are expected to be sold in 2017, with PwC calculating the global market for the commercial application of drones at more than $127 billion. So how are insurers using drones right now, and what opportunities are arising? Though drones could theoretically benefit many different aspects of insurance operations, to date the most common application has been roof inspections conducted by certified insurance assessors before payment is made on claims for storm or hail damage. Traditionally, assessors use ladders to climb onto roofs and sometimes need harnesses if the roof is high or steep enough. A manual inspection can take half a day. See also: Drones + Gig Economy = Win for Insurance   A 20-minute drone inspection captures around 350 images of the property in question and provides data that can be used to identify moisture trapped in roofs, produce 3D models and elevation maps, calculate flood or wildfire risk and derive property measurements. This gives insurers several good reasons to carry out these drone inspections. Here are some notable examples in the area:

• Erie Insurance, an American traditional insurer active in the auto, home, commercial and life insurance sectors, is generally credited as the first insurer to use drones to inspect roof damage. It received approval from the American Federal Aviation Authority in the spring of 2015.
• Betterview is an insurtech devoted to using drones for property inspections. The company announced this April that it had executed 6,000 rooftop inspections in the last two years and then signed a partnership agreement with Loss Control 360, which makes software for insurance carriers and inspectors. “We have seen insurers allocate budget dollars in 2017 to move from concept to real production use,” Betterview CEO David Lyman told the Insurance Journal. “In 2018, we expect to see a significant ramp up in the use of drones by insurers and reinsurers.”
• Travelers has used drones to inspect damaged roofs since 2015. The carrier provides insurance-specific drone pilot training to its claims teams; by May this year, it had trained 150 pilots and expected to train hundreds more before the end of the year.

But it’s not just roof damage that drones are being used for. Beyond roof inspection The French global insurer AXA reported in 2016 that it was using drones in a variety of applications in France, Switzerland, Belgium, Mexico and Turkey. The business case is simple— to assess claims, drones can go places that are risky for humans: into fire-damaged buildings, into places where chemical toxicity is suspected and into manufacturing plants or other areas that have been subject to natural or other disasters. AXA is developing tools and platforms to use drone images more efficiently, including this new data source in its claims adjustment processes. Coupling imaging technologies with advanced analytics is proving useful across industries. Drones are being used in disaster management, geographic mapping, crop monitoring, supply chain monitoring, storm tracking and weather forecasting, to maintain power lines, monitor traffic flows and conduct surveillance—all instances that may assist insurers to dynamically adapt and innovate on insurance products and risk cover, especially for short-term cover. Country Financial is, for example, using drones to identify issues in fields that are hard to spot with just "boots on the ground." It says its crop claims adjusters using drones can scout three times as many acres as an adjuster on foot. This technology also gives farmers more information to consider when choosing how much crop insurance coverage they need, the company says, and it means more insurance plans can be based on enterprise-level data rather than county numbers. Evolving drone technology While these examples provide a snapshot of the growing use of drones in P&C insurance inspections, they also highlight some of the limitations of current applications. Regulators require drone pilots to maintain line-of-sight during a flight, limiting the range of a drone’s flight. New regulations—and wider use of fixed-wing drones—could dramatically boost this range, with corresponding increases in the amount of property a single flight could cover. Technology and regulation could also conceivably enable greater autonomy for drones in the future, allowing a single pilot to oversee multiple drones at once. See also: What Is the Future for Drones?   A recent Businessinsider.com article highlights the emergence of generation seven of the technology, with the announcement of 3DRobotics’ all-in-one drone, Solo. These next-generation smart drones have built-in safeguards and compliance tech, smart accurate sensors, platform and payload interchangeability, automated safety modes, enhanced intelligent piloting models and full autonomy, full airspace awareness, auto action (take-off, land and mission execution). Imagine the future opportunities these drones will open up for insurers.

As an introvert, I don't often write or talk about subjects that are highly personal to me, but, every time I do, people seem to appreciate it. In fact, my partner and friend Mike Maddock always encourages me to do it more. Another good friend and a highly regarded insurance industry thought leader, Nick Gerhart, encouraged me to tell this story specifically. So here goes: In the second half of 2017, my family became a three-time reverse lottery winner. When you say that fast, it sounds awesome. But it's not. The reverse lottery is my personal shorthand for the complexities of insurance: random, sucky things that you win money to "fix." It's the lottery you buy a ticket for but never hope to win. These situations have left me with some burning questions. The first experience was the death of my 86-year-old dad in September. My dad experienced a stretch of time in and out of care facilities. I do not need to explain the pain of this loss to anyone. However, that pain is many times worse for my mom. They met as teenagers and were married for 64 years. My dad bought life insurance as part of his retirement plan. I was very proud to encourage that purchase and facilitated it through the company I was working for at the time. While life insurance wasn't really something my parents knew a lot about, they trusted me enough to go ahead with getting a policy on each of them, as they both worked and had pensions to protect. My dad was the one we all expected to live longer, partly because his dad lived to be 94 but also because he promised me that he would live to be 100. So we bought less insurance on him than on my mom. In hindsight, it seems silly to play actuary on the basis of my dad being like Superman to me. While my mom is thrilled to have had any life insurance at all, my only regret it is that I didn't get objective advice on how much to buy, as more was clearly needed. As an insurance executive with years of experience I was humbled by my own process and shortcomings here. It led me to appreciate how difficult it is to plan properly for life’s unknown events. See also: Thought Experiment on Life Insurance   The burning questions on this are, why did a comic book character play the leading role in determining how much life insurance my dad should have? If someone who actually has experience fell into this trap, what happens to everyone else? And how do we help them avoid it? The second “win” of the reverse lottery was the Saturday evening after Thanksgiving, when my husband and I came home to a flood in our condo from a leaking boiler that flooded our entire building but affected only us. It destroyed the floors on two levels, staircase, several walls, molding and ceilings. Luckily, it didn't damage any of our personal stuff. But, needless to say, it's a major inconvenience and stressful to boot during a particularly challenging year at holiday time. We are living in a hotel now as our place is being restored. The good news is that I didn't play actuary this time. I got advice on how much was needed from my financial adviser, Chet, who ironically doesn't make any commission on that type of insurance but encouraged me to have it because he was looking at my needs in totality versus just what he could offer me in terms of products. That's someone who has your back. The other good news is that I chose a reputable insurance company, which really came through for us, paying not just for the damage repair but for all the extra expenses associated with living elsewhere while the repairs are done. The company is coordinating efforts with the condo association, contractors and mold remediation specialists and even wired money into our account within 10 minutes so we didn't have to go out of pocket to eat out more frequently than we typically would. The adjuster breathed a sigh of relief when he saw our policy had plenty of coverage. He told me that so many condo owners wouldn't have enough coverage to repair the damages our condo suffered. We are lucky we had such a comprehensive policy. But really, we were luckier to have the advice to buy it and not cheap out. Policies don't come to you solely by luck; they come by choice, and we chose the richer benefits because it isn’t an expense, it's an investment in sanity. Therefore, the next burning question is, how often does someone outside the company’s ecosystem (i.e., Chet) affect the outcome at claim time? The third experience is perhaps the most difficult to talk about because it is still affecting people 15 years later, including my brother, whose 60th birthday is the same day as I write this. He's a retired NYPD officer and was a first responder to the World Trade Center disaster on 9/11. While we are all well aware of the thousands who lost their lives and the billions of damage to property, that terrorist attack continues to damage more lives from a wide variety of health issues suffered by people at ground zero. This month, right before Christmas, my brother will have an operation to remove part of his kidney due to a 9/11-related mass that was discovered. He has already lost to cancer several friends who were beside him during that time. However, the 9/11 fund has made his journey so hopeful. As an insurance expert, I would characterize it as the mother of all insurance policies. And he almost didn't apply during the open window until one of his buddies encouraged him to do so, because he didn’t want to think about it and didn't know yet that there was anything wrong. Good thing. Not only is all of his care fully paid for directly, but also the doctors working with him are among the best available in the world and are treating him with dignity, respect and the urgency he deserves. Granted, this insurance policy had no premiums associated with it, but he paid with a very different currency to get that type of coverage. And he more than deserves it, as do the others who were down there on that horrific day and the months that followed. Here, the scary burning questions are, what if his buddy didn’t intervene? And what would have happened if the assigned doctor did not treat this situation with urgency and made him wait months for an appointment, as many specialists often do? These burning questions point to a big customer experience lesson. It is to understand that there is so much opportunity to innovate around the moments associated with claims. After all, isn’t that what insurance is all about? People purchase insurance hoping they never use it, but when they need to file a claim the industry must seize this as its opportunity shine. Exceeding expectations is critical. So much of the innovation I see is around making insurance cheaper and easier to buy because it is easier to count time and money saved. However, the benefit side of the equation needs more love and attention, because it is rich with possibilities for a better world. That's because when the random sucky thing happens, it's a gang of people with expertise, empathy or both that dictate how the story will go. And they come from many different angles and don't always get counted in the customer journey, or they may be missing completely. See also: What’s Next for Life Insurance Industry?   Your customer experience efforts must include deep insight on a wide ecosystem of people and their roles, pain points, attitudes and behaviors to fully understand the opportunities to innovate and continuously improve the experience. Do you deeply understand all the players in that ecosystem, how they interact with your ultimate customer and at what critical moments? If not, consider a commitment to getting an unparalleled understanding of the hidden players in the experience. It could do wonders for your competitive advantage in the New Year. Happy birthday to my brother. Looking forward to 2018.

Ever since the Chinese government banned Facebook in 2009, Mark Zuckerberg has been making annual trips there attempting to persuade its leaders to let his company back in. He learned Mandarin and jogged through the smog-filled streets of Beijing to show how much he loved the country. Facebook even created new tools to allow China to do something that goes against the social media giant’s founding principles: censor and suppress content. But the Chinese haven’t obliged. They saw no advantages in letting a foreign company dominate their technology industry. China also blocked Google, Twitter, and Netflix and raised enough obstacles to force Uber out. Chinese technology companies are now among the most valuable—and innovative—in the world. Facebook’s Chinese competitor Tencent eclipsed it in market capitalization in November, crossing the $500 billion mark. Tencent’s social media platform WeChat enables bill payment, taxi ordering, and hotel booking while chatting with friends; it is so far ahead in innovation that Facebook may be copying its features. Other Chinese companies, such as Alibaba, Baidu, and DJI, are racing ahead in ecommerce and logistics; artificial intelligence and self-driving cars; and drone technologies. These companies are gearing up to challenge Silicon Valley itself. See also: What India Can Teach Silicon Valley   The protectionism that economists have long decried—which favors domestic supplies of physical goods and services—supposedly limits competition, creates monopolies, raises costs, and stifles competitiveness and productivity. But this is not a problem in the Internet world. Over the Internet, knowledge and ideas spread instantaneously. Entrepreneurs in one country can easily learn about the innovations and business models of another country and duplicate them. Technologies are advancing on exponential curves and becoming faster and cheaper—so every country can afford them. Technology companies that don’t innovate risk going out of business because local startups are constantly emerging to challenge them. Chinese technology protectionism created a fertile ground for local startups by eliminating the fear of foreign predators. Yes, the technology industry is a predator. Silicon Valley’s moguls openly tout the need to build monopolies and gain unfair competitive advantage by dumping capital. They take pride in their position in a global economy in which money is the ultimate weapon and winners take all. If tech companies cannot copy a technology, they buy the competitor. Amazon, for example, has been losing money or earning razor-thin margins for more than two decades. But because it has gained market share and killed off a lot of its brick-and-mortar competition, investors have rewarded it with a high stock price. With this inflated capitalization, Amazon has raised money at below-market interest rates and used that to increase its market share. Uber has used the same strategy to raise billions of dollars to put potential global competitors out of business. It has also been unscrupulous and unethical in its business practices. With these predators out of the way, Chinese technology companies started adapting Silicon Valley’s technologies and improving on them. In doing so, they weren’t only copying the technologies, but also copying Silicon Valley’s style—which is also to copy. Steve Jobs built the Macintosh by copying the windowing interface from the Palo Alto Research Center. As he admitted in 1994, “Picasso had a saying, ‘Good artists copy; great artists steal’; and we have always been shameless about stealing great ideas.” Apple usually lags in innovations so that it can learn from the successes of others. Indeed, almost every Apple product has elements that are copied. The iPod, for example, was invented by British inventor Kane Kramer; iTunes was built on a technology purchased from Soundjam; and the iPhone frequently copies Samsung’s mobile technologies (Samsung also does the reverse). Facebook’s origins also hark back to the ideas that Zuckerberg copied from MySpace and Friendster. And nothing has changed since: Facebook Places is a replica of Foursquare; Facebook Messenger video duplicates Skype; Facebook Stories is a clone of Snapchat; and Facebook Live combines the best features of Meerkat and Periscope. Facebook tried mimicking WhatsApp but couldn’t gain market share, so it spent a fortune to buy the company (again acting on the Silicon Valley mantra that if stealing doesn’t work, then buy). See also: Time to Rethink Silicon Valley?   America doesn’t realize how much things have changed and how rapidly it is losing its competitive edge. With the Trump administration’s constant anti-immigrant rants, foreign-born people are getting a clear message: Go home; we don’t want you. This is a gift to the rest of the world, because the immigrant exodus is boosting their innovation capabilities. Let's hope they don’t try raising their walls, too.